Blame view
net/netfilter/xt_DSCP.c
3.96 KB
a468701db [NETFILTER]: x_ta... |
1 2 3 4 5 6 7 8 9 10 |
/* x_tables module for setting the IPv4/IPv6 DSCP field, Version 1.8 * * (C) 2002 by Harald Welte <laforge@netfilter.org> * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. * * See RFC2474 for a description of the DSCP field within the IP Header. |
a468701db [NETFILTER]: x_ta... |
11 |
*/ |
8bee4bad0 netfilter: xt ext... |
12 |
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
a468701db [NETFILTER]: x_ta... |
13 14 15 16 17 18 19 20 21 22 |
#include <linux/module.h> #include <linux/skbuff.h> #include <linux/ip.h> #include <linux/ipv6.h> #include <net/dsfield.h> #include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_DSCP.h> MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); |
2ae15b64e [NETFILTER]: Upda... |
23 |
MODULE_DESCRIPTION("Xtables: DSCP/TOS field modification"); |
a468701db [NETFILTER]: x_ta... |
24 25 26 |
MODULE_LICENSE("GPL"); MODULE_ALIAS("ipt_DSCP"); MODULE_ALIAS("ip6t_DSCP"); |
c9fd49680 [NETFILTER]: Merg... |
27 |
MODULE_ALIAS("ipt_TOS"); |
5c350e5a3 [NETFILTER]: IPv6... |
28 |
MODULE_ALIAS("ip6t_TOS"); |
a468701db [NETFILTER]: x_ta... |
29 |
|
d3c5ee6d5 [NETFILTER]: x_ta... |
30 |
static unsigned int |
4b560b447 netfilter: xtable... |
31 |
dscp_tg(struct sk_buff *skb, const struct xt_action_param *par) |
a468701db [NETFILTER]: x_ta... |
32 |
{ |
7eb355865 netfilter: xtable... |
33 |
const struct xt_DSCP_info *dinfo = par->targinfo; |
3db05fea5 [NETFILTER]: Repl... |
34 |
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; |
a468701db [NETFILTER]: x_ta... |
35 36 |
if (dscp != dinfo->dscp) { |
3db05fea5 [NETFILTER]: Repl... |
37 |
if (!skb_make_writable(skb, sizeof(struct iphdr))) |
a468701db [NETFILTER]: x_ta... |
38 |
return NF_DROP; |
3db05fea5 [NETFILTER]: Repl... |
39 |
ipv4_change_dsfield(ip_hdr(skb), (__u8)(~XT_DSCP_MASK), |
a468701db [NETFILTER]: x_ta... |
40 41 42 43 44 |
dinfo->dscp << XT_DSCP_SHIFT); } return XT_CONTINUE; } |
d3c5ee6d5 [NETFILTER]: x_ta... |
45 |
static unsigned int |
4b560b447 netfilter: xtable... |
46 |
dscp_tg6(struct sk_buff *skb, const struct xt_action_param *par) |
a468701db [NETFILTER]: x_ta... |
47 |
{ |
7eb355865 netfilter: xtable... |
48 |
const struct xt_DSCP_info *dinfo = par->targinfo; |
3db05fea5 [NETFILTER]: Repl... |
49 |
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; |
a468701db [NETFILTER]: x_ta... |
50 51 |
if (dscp != dinfo->dscp) { |
3db05fea5 [NETFILTER]: Repl... |
52 |
if (!skb_make_writable(skb, sizeof(struct ipv6hdr))) |
a468701db [NETFILTER]: x_ta... |
53 |
return NF_DROP; |
3db05fea5 [NETFILTER]: Repl... |
54 |
ipv6_change_dsfield(ipv6_hdr(skb), (__u8)(~XT_DSCP_MASK), |
a468701db [NETFILTER]: x_ta... |
55 56 57 58 |
dinfo->dscp << XT_DSCP_SHIFT); } return XT_CONTINUE; } |
135367b8f netfilter: xtable... |
59 |
static int dscp_tg_check(const struct xt_tgchk_param *par) |
a468701db [NETFILTER]: x_ta... |
60 |
{ |
af5d6dc20 netfilter: xtable... |
61 |
const struct xt_DSCP_info *info = par->targinfo; |
a468701db [NETFILTER]: x_ta... |
62 |
|
af5d6dc20 netfilter: xtable... |
63 |
if (info->dscp > XT_DSCP_MAX) { |
8bee4bad0 netfilter: xt ext... |
64 65 |
pr_info("dscp %x out of range ", info->dscp); |
4a5a5c73b netfilter: xtable... |
66 |
return -EDOM; |
a468701db [NETFILTER]: x_ta... |
67 |
} |
d6b00a534 netfilter: xtable... |
68 |
return 0; |
a468701db [NETFILTER]: x_ta... |
69 |
} |
c9fd49680 [NETFILTER]: Merg... |
70 |
static unsigned int |
4b560b447 netfilter: xtable... |
71 |
tos_tg(struct sk_buff *skb, const struct xt_action_param *par) |
5c350e5a3 [NETFILTER]: IPv6... |
72 |
{ |
7eb355865 netfilter: xtable... |
73 |
const struct xt_tos_target_info *info = par->targinfo; |
5c350e5a3 [NETFILTER]: IPv6... |
74 75 76 77 |
struct iphdr *iph = ip_hdr(skb); u_int8_t orig, nv; orig = ipv4_get_dsfield(iph); |
9bb268ed7 [NETFILTER]: xt_T... |
78 |
nv = (orig & ~info->tos_mask) ^ info->tos_value; |
5c350e5a3 [NETFILTER]: IPv6... |
79 80 81 82 83 |
if (orig != nv) { if (!skb_make_writable(skb, sizeof(struct iphdr))) return NF_DROP; iph = ip_hdr(skb); |
cdfe8b979 [NETFILTER]: xt_T... |
84 |
ipv4_change_dsfield(iph, 0, nv); |
5c350e5a3 [NETFILTER]: IPv6... |
85 86 87 88 89 90 |
} return XT_CONTINUE; } static unsigned int |
4b560b447 netfilter: xtable... |
91 |
tos_tg6(struct sk_buff *skb, const struct xt_action_param *par) |
5c350e5a3 [NETFILTER]: IPv6... |
92 |
{ |
7eb355865 netfilter: xtable... |
93 |
const struct xt_tos_target_info *info = par->targinfo; |
5c350e5a3 [NETFILTER]: IPv6... |
94 95 96 97 |
struct ipv6hdr *iph = ipv6_hdr(skb); u_int8_t orig, nv; orig = ipv6_get_dsfield(iph); |
1ed2f73d9 netfilter: IPv6: ... |
98 |
nv = (orig & ~info->tos_mask) ^ info->tos_value; |
5c350e5a3 [NETFILTER]: IPv6... |
99 100 101 102 103 |
if (orig != nv) { if (!skb_make_writable(skb, sizeof(struct iphdr))) return NF_DROP; iph = ipv6_hdr(skb); |
cdfe8b979 [NETFILTER]: xt_T... |
104 |
ipv6_change_dsfield(iph, 0, nv); |
5c350e5a3 [NETFILTER]: IPv6... |
105 106 107 108 |
} return XT_CONTINUE; } |
d3c5ee6d5 [NETFILTER]: x_ta... |
109 |
static struct xt_target dscp_tg_reg[] __read_mostly = { |
4470bbc74 [NETFILTER]: x_ta... |
110 111 |
{ .name = "DSCP", |
ee999d8b9 netfilter: x_tabl... |
112 |
.family = NFPROTO_IPV4, |
d3c5ee6d5 [NETFILTER]: x_ta... |
113 114 |
.checkentry = dscp_tg_check, .target = dscp_tg, |
4470bbc74 [NETFILTER]: x_ta... |
115 116 117 118 119 120 |
.targetsize = sizeof(struct xt_DSCP_info), .table = "mangle", .me = THIS_MODULE, }, { .name = "DSCP", |
ee999d8b9 netfilter: x_tabl... |
121 |
.family = NFPROTO_IPV6, |
d3c5ee6d5 [NETFILTER]: x_ta... |
122 123 |
.checkentry = dscp_tg_check, .target = dscp_tg6, |
4470bbc74 [NETFILTER]: x_ta... |
124 125 126 127 |
.targetsize = sizeof(struct xt_DSCP_info), .table = "mangle", .me = THIS_MODULE, }, |
c9fd49680 [NETFILTER]: Merg... |
128 129 |
{ .name = "TOS", |
5c350e5a3 [NETFILTER]: IPv6... |
130 |
.revision = 1, |
ee999d8b9 netfilter: x_tabl... |
131 |
.family = NFPROTO_IPV4, |
5c350e5a3 [NETFILTER]: IPv6... |
132 133 134 135 136 137 138 139 |
.table = "mangle", .target = tos_tg, .targetsize = sizeof(struct xt_tos_target_info), .me = THIS_MODULE, }, { .name = "TOS", .revision = 1, |
ee999d8b9 netfilter: x_tabl... |
140 |
.family = NFPROTO_IPV6, |
5c350e5a3 [NETFILTER]: IPv6... |
141 142 143 144 145 |
.table = "mangle", .target = tos_tg6, .targetsize = sizeof(struct xt_tos_target_info), .me = THIS_MODULE, }, |
a468701db [NETFILTER]: x_ta... |
146 |
}; |
d3c5ee6d5 [NETFILTER]: x_ta... |
147 |
static int __init dscp_tg_init(void) |
a468701db [NETFILTER]: x_ta... |
148 |
{ |
d3c5ee6d5 [NETFILTER]: x_ta... |
149 |
return xt_register_targets(dscp_tg_reg, ARRAY_SIZE(dscp_tg_reg)); |
a468701db [NETFILTER]: x_ta... |
150 |
} |
d3c5ee6d5 [NETFILTER]: x_ta... |
151 |
static void __exit dscp_tg_exit(void) |
a468701db [NETFILTER]: x_ta... |
152 |
{ |
d3c5ee6d5 [NETFILTER]: x_ta... |
153 |
xt_unregister_targets(dscp_tg_reg, ARRAY_SIZE(dscp_tg_reg)); |
a468701db [NETFILTER]: x_ta... |
154 |
} |
d3c5ee6d5 [NETFILTER]: x_ta... |
155 156 |
module_init(dscp_tg_init); module_exit(dscp_tg_exit); |